exploitDog

CVE-2014-4632

Опубликовано: 01 фев. 2015

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vsphere_data_protection:5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:vsphere_data_protection:5.8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00143

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-xgg6-7q2q-mcm5

github

больше 3 лет назад

VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate.

EPSS

Процентиль: 35%

0.00143

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-310